diff options
Diffstat (limited to 'src/tools/check-caps.sh')
-rwxr-xr-x | src/tools/check-caps.sh | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh new file mode 100755 index 000000000..13525677b --- /dev/null +++ b/src/tools/check-caps.sh | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | if [ $# -eq 0 ] | ||
4 | then | ||
5 | echo "Usage: check-caps.sh program-and-arguments" | ||
6 | echo | ||
7 | fi | ||
8 | |||
9 | set -x | ||
10 | |||
11 | firejail --caps.drop=chown "$1" | ||
12 | firejail --caps.drop=dac_override "$1" | ||
13 | firejail --caps.drop=dac_read_search "$1" | ||
14 | firejail --caps.drop=fowner "$1" | ||
15 | firejail --caps.drop=fsetid "$1" | ||
16 | firejail --caps.drop=kill "$1" | ||
17 | firejail --caps.drop=setgid "$1" | ||
18 | firejail --caps.drop=setuid "$1" | ||
19 | firejail --caps.drop=setpcap "$1" | ||
20 | firejail --caps.drop=linux_immutable "$1" | ||
21 | firejail --caps.drop=net_bind_service "$1" | ||
22 | firejail --caps.drop=net_broadcast "$1" | ||
23 | firejail --caps.drop=net_admin "$1" | ||
24 | firejail --caps.drop=net_raw "$1" | ||
25 | firejail --caps.drop=ipc_lock "$1" | ||
26 | firejail --caps.drop=ipc_owner "$1" | ||
27 | firejail --caps.drop=sys_module "$1" | ||
28 | firejail --caps.drop=sys_rawio "$1" | ||
29 | firejail --caps.drop=sys_chroot "$1" | ||
30 | firejail --caps.drop=sys_ptrace "$1" | ||
31 | firejail --caps.drop=sys_pacct "$1" | ||
32 | firejail --caps.drop=sys_admin "$1" | ||
33 | firejail --caps.drop=sys_boot "$1" | ||
34 | firejail --caps.drop=sys_nice "$1" | ||
35 | firejail --caps.drop=sys_resource "$1" | ||
36 | firejail --caps.drop=sys_time "$1" | ||
37 | firejail --caps.drop=sys_tty_config "$1" | ||
38 | firejail --caps.drop=mknod "$1" | ||
39 | firejail --caps.drop=lease "$1" | ||
40 | firejail --caps.drop=audit_write "$1" | ||
41 | firejail --caps.drop=audit_control "$1" | ||
42 | firejail --caps.drop=setfcap "$1" | ||
43 | firejail --caps.drop=mac_override "$1" | ||
44 | firejail --caps.drop=mac_admin "$1" | ||
45 | firejail --caps.drop=syslog "$1" | ||
46 | firejail --caps.drop=wake_alarm "$1" | ||